Fortinet Releases Security Updates to Address Critical Vulnerabilities in its Software Lineup
Fortinet, a leading provider of cybersecurity solutions, has released security updates to address 40 vulnerabilities in its software lineup, including FortiWeb, FortiOS, FortiNAC, and FortiProxy, among others. Of these, two are critical, 15 are high, 22 are medium, and one is low in severity. The patches are intended to fix these vulnerabilities, which could potentially allow attackers to execute arbitrary code and gain unauthorized access to sensitive data.
The most significant vulnerability on the list is a severe bug in the FortiNAC network access control solution (CVE-2022-39952, CVSS score: 9.8), which could allow an unauthenticated attacker to perform arbitrary writes on the system. This vulnerability is due to external control of file name or path flaw (CWE-73) in the FortiNAC web server. The affected products include FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8, 8.7, 8.6, 8.5, and 8.3. The patches for this vulnerability have been released in FortiNAC versions 7.2.0, 9.1.8, 9.1.8, and 9.1.8. A proof-of-concept (PoC) code for the flaw is expected to be released by penetration testing firm Horizon3.ai soon, making it imperative that users move quickly to apply the updates.
The second vulnerability of note is a set of stack-based buffer overflows in FortiWeb's proxy daemon (CVE-2021-42756, CVSS score: 9.3), which could enable an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. This vulnerability affects FortiWeb versions 6.4 and below, with fixes available in versions FortiWeb 6.0.8, 6.1.3, 6.2.7, 6.3.17, and 7.0.0.
Both vulnerabilities were discovered and reported by Fortinet's product security team. Notably, CVE-2021-42756 was identified in 2021 but was not publicly disclosed until now. Users of Fortinet's products are strongly advised to update their systems as soon as possible to ensure their security.
In conclusion, the security updates released by Fortinet to address the critical vulnerabilities in its software lineup demonstrate the company's commitment to providing its customers with robust security solutions. Users of Fortinet's products must install the patches as soon as possible to ensure their systems are protected against potential threats. By doing so, they can stay ahead of cybercriminals and maintain the integrity of their IT infrastructure.
Thank you for reading our blog today. We hope you found the information helpful and informative. If you enjoyed this blog, follow us on Twitter, Instagram, Linkedin, GitHub, Website, and Youtube for more exciting content and updates. If you have any questions or comments, please feel free to reach out to us. We would love to hear from you. Don't forget to share this with your friends and family who may also find this information useful. Thank you for your support and stay tuned for more!